1
votes

I'm currently trying to wrap my head around Symfony security, especially ACL. I've been reading through various pieces of documentation, and for ACL, roles & permissions seem to be important.

However, I don't understand where these roles & permissions are defined. E.g. the documentation has a tiny little section on roles [1] but in this example, where does the ROLE_USER come from? Furthermore, how do roles encapsulate permissions, as in, where in a Symfony application is this relationship between roles & permissions defined?

[1] http://symfony.com/doc/master/book/security.html#roles

1

1 Answer

5
votes

Built-in special roles (IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED, IS_AUTHENTICATED_ANONYMOUSLY) are defined here: AuthenticatedVoter.

All other roles you should define in app/config/security.yml in the form of a hierarchy. For example:

security:
    acl:
        connection: default
    # ...
    role_hierarchy:
        ROLE_SILVER: [ROLE_BRONZE]
        ROLE_GOLD: [ROLE_SILVER]
        ROLE_PLATINUM: [ROLE_GOLD]
        ROLE_ADMIN: [ROLE_PLATINUM, ROLE_ALLOWED_TO_SWITCH]

Hope it helps you.

UPDATE#1: It is implemented with ACL. You can create as many ACLs as you need (for example Class, ClassField, Object). Every ACL for a Domain has one or more Entries like:

Entry#1: A user with 'ROLE_BRONZE' is allowed to 'VIEW' this `Domain`
Entry#2: A user with 'ROLE_SILVER' is allowed to 'EDIT' this `Domain`

etc.

So according to the role_hierarchy, ROLE_SILVER is allowed to EDIT and VIEW this Domain, but ROLE_BRONZE is allowed only to VIEW.

In your Controller you can check the permission. For details, see this example.

UPDATE#2: To grant some permissions, use MaskBuilder.
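The pieces the answer names (role_hierarchy, one ACL per domain object, an entry per role, MaskBuilder to build the permission mask, an isGranted check in the controller) fit together as follows. This is an added example, not code from the answer or from the Symfony documentation. It assumes Symfony 2.6+ with the ACL component enabled by the `acl: { connection: default }` config shown above, the ACL tables already created with `php app/console init:acl`, and a hypothetical Doctrine entity `AppBundle\Entity\Post` with an `id` and `title` as the domain object; `security.acl.provider` and `security.authorization_checker` are the service ids Symfony 2.6 registers for the ACL provider and the authorization checker.

```php
<?php
// Added example (not from the original answer). Assumes Symfony 2.6+ with the ACL
// component configured as in the answer, and a hypothetical AppBundle\Entity\Post entity.

namespace AppBundle\Controller;

use AppBundle\Entity\Post; // hypothetical domain object
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

class PostController extends Controller
{
    /**
     * Creates a Post and attaches the two ACL entries from the answer:
     * Entry#1 ROLE_BRONZE -> VIEW, Entry#2 ROLE_SILVER -> EDIT.
     */
    public function createAction(Request $request)
    {
        $post = new Post();
        $post->setTitle($request->request->get('title', 'untitled'));

        $em = $this->getDoctrine()->getManager();
        $em->persist($post);
        $em->flush(); // the object needs an identifier before an ACL can reference it

        $aclProvider = $this->get('security.acl.provider');
        $objectIdentity = ObjectIdentity::fromDomainObject($post);

        try {
            $acl = $aclProvider->createAcl($objectIdentity);
        } catch (AclAlreadyExistsException $e) {
            $acl = $aclProvider->findAcl($objectIdentity);
        }

        // Entry#1: ROLE_BRONZE may VIEW. MaskBuilder turns permission names
        // into the integer bitmask that is stored in the access control entry.
        $viewBuilder = new MaskBuilder();
        $viewBuilder->add('view');
        $acl->insertObjectAce(new RoleSecurityIdentity('ROLE_BRONZE'), $viewBuilder->get());

        // Entry#2: ROLE_SILVER may EDIT. One entry can carry several permissions;
        // with the default permission map MASK_EDIT already satisfies a VIEW check.
        $editBuilder = new MaskBuilder();
        $editBuilder->add('view')->add('edit');
        $acl->insertObjectAce(new RoleSecurityIdentity('ROLE_SILVER'), $editBuilder->get());

        $aclProvider->updateAcl($acl); // nothing is written to the acl_* tables until here

        return new Response(sprintf('Created post %d', $post->getId()), 201);
    }

    /**
     * Checks the ACL before editing. The ACL voter expands the token's roles through
     * role_hierarchy, so a ROLE_GOLD user passes (ROLE_GOLD includes ROLE_SILVER),
     * while a ROLE_BRONZE user only holds VIEW and gets a 403.
     */
    public function editAction(Request $request, $id)
    {
        $post = $this->getDoctrine()->getRepository('AppBundle:Post')->find($id);
        if (!$post) {
            throw $this->createNotFoundException('No such post.');
        }

        if (!$this->get('security.authorization_checker')->isGranted('EDIT', $post)) {
            throw $this->createAccessDeniedException('EDIT permission on this post is required.');
        }

        $post->setTitle($request->request->get('title', $post->getTitle()));
        $this->getDoctrine()->getManager()->flush();

        return new Response('Updated');
    }
}
```

The point to keep in mind is that the roles themselves carry no permissions: `ROLE_SILVER: [ROLE_BRONZE]` only says that a silver user is also treated as bronze when security identities are collected for the vote. The actual VIEW/EDIT grants live in the ACL entries written by `insertObjectAce()` and persisted by `updateAcl()`, and `isGranted('EDIT', $post)` resolves them against every role the user reaches through the hierarchy.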